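template_dir = $SMARTY['orig']; // left-hand side of this statement lies before this excerpt
$tpl->compile_dir = $SMARTY['comp'];

// Front controller for the "wall" site: dispatches on ?state= (signin, signout,
// viewprofile, register, default homepage), talks to the users/status tables and
// renders a Smarty template. Expects $db_host, $db_user, $db_password, $db_name,
// $SMARTY and $tpl to be defined by the preceding (not shown) part of the file.

// Connect to the database.
// PDO replaces the mysql_* extension (removed in PHP 7). ERRMODE_EXCEPTION means a
// failed query can no longer be silently ignored, and native (non-emulated) prepares
// keep request data out of the SQL text entirely.
// assumes $db_host carries no ':port' suffix — PDO wants a separate port= key; TODO confirm
try {
    $db = new PDO(
        "mysql:host={$db_host};dbname={$db_name}",
        $db_user,
        $db_password,
        array(
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        )
    );
} catch (PDOException $e) {
    // Same message as before; the exception text is not echoed because it can contain the DSN.
    die('not connected');
}

// One session for every state. Must run before any output (headers) is sent.
session_start();
$signedIn = !empty($_SESSION['user_id']);
$state    = isset($_GET['state']) ? $_GET['state'] : '';
$error    = array(); // initialised so count($error) is defined on every path

switch ($state) {
    // Signin
    case 'signin':
        if (isset($_POST['submit'])) {
            $email    = isset($_POST['email']) ? $_POST['email'] : '';
            $userpass = isset($_POST['userpass']) ? $_POST['userpass'] : '';

            // === '' instead of empty(): a password of "0" is a valid value, not a missing one.
            if ($email === '') {
                $error['email'] = 'Required field';
            } else {
                $tpl->assign('email', $email);
            }
            if ($userpass === '') {
                $error['userpass'] = 'Required field';
            }
            // The submitted password is deliberately not re-assigned to the template,
            // so it is never echoed back into the HTML form.

            $row = false;
            if (count($error) == 0) {
                // NOTE(review): userpass is stored as unsalted SHA1 via MySQL SHA(). Moving to
                // password_hash()/password_verify() needs a wider column and a rehash-on-login
                // step, so the scheme is kept here and only the injection is fixed.
                $stmt = $db->prepare(
                    'SELECT user_id, firstname, lastname FROM users '
                    . 'WHERE email = ? AND userpass = SHA(?) LIMIT 1'
                );
                $stmt->execute(array($email, $userpass));
                $row = $stmt->fetch();
                if (!$row) {
                    $error['general'] = 'Invalid email or password';
                }
            }

            if (count($error) == 0) {
                // A fresh session id on login defeats session fixation.
                session_regenerate_id(true);
                $_SESSION['user_id']   = $row['user_id'];
                $_SESSION['firstname'] = $row['firstname'];
                $_SESSION['lastname']  = $row['lastname'];
                header('Location: admin.php');
                exit; // stop here; the original kept going and rendered signin.tpl after the redirect
            }
            $tpl->assign('error', $error);
        }
        $tpl->display('signin.tpl');
        break;

    // Signout
    case 'signout':
        $_SESSION = array(); // clear the data as well as the server-side file
        session_destroy();
        header('Location: index.php');
        exit;

    // View profile
    case 'viewprofile':
        if ($signedIn) {
            $tpl->assign('signedin', true);
        }
        $user = isset($_GET['user']) ? $_GET['user'] : '';

        // Profile owner; bound as a parameter rather than interpolated into the query.
        $stmt = $db->prepare('SELECT firstname, lastname FROM users WHERE user_id = ?');
        $stmt->execute(array($user));
        $row = $stmt->fetch();
        $tpl->assign('firstname', $row ? $row['firstname'] : '');
        $tpl->assign('lastname', $row ? $row['lastname'] : '');

        // Status messages for that user, newest first.
        $stmt = $db->prepare(
            "SELECT status_id, status, DATE_FORMAT(statusdate, '%M %d, %Y') AS formatteddate "
            . 'FROM status WHERE user_id = ? ORDER BY statusdate DESC'
        );
        $stmt->execute(array($user));
        $posts = array(); // always defined, even when the user has no posts
        while ($post = $stmt->fetch()) {
            $posts[] = array(
                'status_id'  => $post['status_id'],
                'status'     => $post['status'],
                'statusdate' => $post['formatteddate'],
            );
        }
        $tpl->assign('posts', $posts);
        $tpl->display('profile.tpl');
        break;

    // Register
    case 'register':
        if (isset($_POST['submit'])) {
            $firstname = isset($_POST['firstname']) ? $_POST['firstname'] : '';
            $lastname  = isset($_POST['lastname']) ? $_POST['lastname'] : '';
            $email     = isset($_POST['email']) ? $_POST['email'] : '';
            $userpass  = isset($_POST['userpass']) ? $_POST['userpass'] : '';

            if ($firstname === '') {
                $error['firstname'] = 'Required field';
            } else {
                $tpl->assign('firstname', $firstname);
            }
            if ($lastname === '') {
                $error['lastname'] = 'Required field';
            } else {
                $tpl->assign('lastname', $lastname);
            }

            if ($email === '') {
                $error['email'] = 'Required field';
            } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                // FILTER_VALIDATE_EMAIL also rejects CR/LF, which closes header injection
                // through the To: address handed to mail() below.
                $error['email'] = 'Invalid email address';
            } else {
                // Make sure this user doesn't already exist.
                $stmt = $db->prepare('SELECT user_id FROM users WHERE email = ? LIMIT 1');
                $stmt->execute(array($email));
                if ($stmt->fetch()) {
                    $error['email'] = 'User already exists';
                }
                $tpl->assign('email', $email);
            }

            if ($userpass === '') {
                $error['userpass'] = 'Required field';
            }
            // As in signin, the password is not echoed back into the form.

            if (count($error) == 0) {
                // NOTE(review): same unsalted SHA1 scheme as signin; see the note there.
                $stmt = $db->prepare(
                    'INSERT INTO users ( user_id, firstname, lastname, email, userpass, registerdate ) '
                    . 'VALUES ( null, ?, ?, ?, SHA(?), NOW() )'
                );
                $stmt->execute(array($firstname, $lastname, $email, $userpass));
                $user_id = $db->lastInsertId();

                // Registration signs the user in: regenerate the id as on signin.
                session_regenerate_id(true);
                $_SESSION['user_id']   = $user_id;
                $_SESSION['firstname'] = $firstname;
                $_SESSION['lastname']  = $lastname;

                // Welcome e-mail.
                $message = 'Dear ' . $firstname . ' ' . $lastname . ',' . "\n\n";
                $message = $message . 'Thanks for signing up to use the wall-type-thing site!';
                mail($email, 'Wall Confirmation', $message, "From: admin@someaddress.com");

                header('Location: admin.php');
                exit; // do not render register.tpl after redirecting
            }
            $tpl->assign('error', $error);
        }
        $tpl->display('register.tpl');
        break;

    // Homepage
    default:
        if ($signedIn) {
            $tpl->assign('signedin', true);
        }

        // All posts with their authors, newest first. No request data is involved,
        // so a plain query is fine here.
        $stmt = $db->query(
            'SELECT a.user_id AS user_id, a.firstname AS firstname, a.lastname AS lastname, '
            . "b.status AS status, DATE_FORMAT(b.statusdate, '%M %d, %Y') AS formatteddate "
            . 'FROM users a, status b WHERE a.user_id = b.user_id ORDER BY b.statusdate DESC'
        );
        $posts = array();
        while ($post = $stmt->fetch()) {
            $posts[] = array(
                'user_id'    => $post['user_id'],
                'firstname'  => $post['firstname'],
                'lastname'   => $post['lastname'],
                'status'     => $post['status'],
                'statusdate' => $post['formatteddate'],
            );
        }
        $tpl->assign('posts', $posts);
        $tpl->display('index.tpl');
        break;
}
?>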